Fines can be as much as 4%* of worldwide revenue for sites that do not comply with GDPR



Put in place on May 25, 2018, the General Data Protection Regulation (GDPR) has affected how websites handle user data. Although the GDPR is intended to protect the privacy and data of European Union citizens, it inevitably affects American websites -- including ours and yours -- that may gather data from European visitors.

GDPR is similar to other online regulations, such as ADA compliance, in that it makes the digital experience better for everyone, but it also means that your business must update its online processes to meet these requirements.

As a result, you may have many questions about what your institution must do next. We’ve already been thinking about GDPR from both the business perspective and the developer’s perspective, and we’re here to guide you.

How GDPR Affects Your Website

Most websites track user data in some way, either by capturing email addresses or tracking what users do on sites for purposes of analytics and marketing. GDPR gives users more control over how much user data you can gather. Now, European users have the ability to opt out of being tracked, pick and choose how you will use their data, request their own data, or ask to be deleted from your system entirely.


What GDPR Means for Higher Ed

Many American colleges and universities recruit European students, which means you may be collecting data from prospective students whose rights are protected by the GDPR. While many universities may believe that being FERPA compliant is enough for GDPR, that is false. FERPA (Family Educational Rights and Privacy Act) is a U.S. federal law designed to protect the privacy of students and their education records. Two ways to be FERPA compliant are to notify students annually in writing of their rights under FERPA or to grant students and/or parents access to education records. The greatest point on which GDPR differs from FERPA is the “right to be forgotten” clause. This means that all information collected on students must be destroyed after their departure from the university. From email addresses to admissions applications, everything must be purged.

Preparing for GDPR

GDPR affects your site on multiple fronts. For starters, your hosting environment, data transmissions, and data capture tools must be secure. You’ll also need to create ways for users to opt in to tracking by cookies or sessions, give them a chance to access their own data, update your privacy policies, and document how you plan to track all this activity. On top of that, you need to monitor third-party services for GDPR compliance and prepare a crisis communication plan in the event of a data breach.

How iFactory Can Help

That’s a lot. But we can help. Our developers have already engineered our sites to meet GDPR standards, and we are working with current clients to ensure compliance at launch. Whether your site is live or not, we can assess your situation, provide consulting, and even carry out the steps required to protect the privacy of your users. We can also connect you with trusted legal counsel so you can update your privacy policies and check off all the GDPR items on your list.

Please let us know if we can provide you with more information on this project, or any others.
